Aran Mulholland

Reputation: 23935

How do I hide my Storage and SQL connection strings using Azure Cloud Services?

I would like to move the Storage and SQL connection string from configuration files stored in the various projects of my solution to only be accessible in the Azure Portal.

Keeping connection strings in source control means that if anyone got a look at our code base they would have unlimited access to our Azure accounts.

In Azure Web Sites the connection strings can be set in the portal and will be kept when the next deployment occurs. Is it possible to do the same with Cloud Services?

Upvotes: 4

Views: 2461

Answers (3)

Abhinav Reddy

Reputation: 11

This is really late, but if you have deployed your project as a web service, the easiest way to store connection strings securely is to go to:

Your App Service -> Configuration -> Connection Strings -> New connection string

Here, add the name of your connection string (say DBConnectionString) and the value of your connection string. This value should replace any dummy connection string with the name DBConnectionString inside your Web.config file with the value you added above.

Your Web.config file should contain what is shown below. Here you can replace SOME DUMMY VALUE with anything; the deployed service will take the connection string from the Azure portal. Local debugging will require you to add the connection string again.

<connectionStrings>
    <add name="DBConnectionString"
         connectionString="SOME DUMMY VALUE" />
</connectionStrings>

Upvotes: 0

Rory

Reputation: 41827

This should now be possible with Azure Key Vault. I haven't tried it - but plan to - but here's a good tutorial on getting started with Key Vault and then using Key Vault from a web app. Whether this works exactly the same for Cloud Services I'm not sure.

Upvotes: 3

Maria Ines Parnisari

Reputation: 17496

No, it is not possible. A cloud service is a VM; it is not an application that can consume connection strings.

If you have a continuous integration server, what you can do is this: before you deploy your app into the cloud service, run a script that changes the value of the connection string to what you like, and deploy that. In this way, the connection string is only visible in your CI server and not in your code.

Note, however, that if you already committed the connection strings to your codebase, there's no way to remove them from the history (unless you do a force push, which is not recommended).

Upvotes: 4
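
The pre-deployment substitution described in the answer above, as an added example that is not part of any answer on this page: a CI step that swaps the placeholder in Web.config for the real connection string and stops if the checked-out file already holds something other than the placeholder. The function names, the `DB_CONNECTION_STRING` environment variable and the sample file are assumptions made for illustration.

```python
import os
import sys
import xml.etree.ElementTree as ET

# Constructed sample mirroring the Web.config fragment shown on this page.
SAMPLE_WEB_CONFIG = """<configuration>
  <!-- real value is injected by CI -->
  <connectionStrings>
    <add name="DBConnectionString" connectionString="SOME DUMMY VALUE" />
  </connectionStrings>
</configuration>"""


def inject_connection_string(config_xml, name, secret, placeholder="SOME DUMMY VALUE"):
    """Return config_xml with the named connection string set to secret."""
    if not secret or secret == placeholder:
        raise ValueError("no real connection string supplied by the CI server")
    # Keep XML comments so the deployed file differs only in the secret.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(config_xml, parser=parser)
    matches = [add for section in root.iter("connectionStrings")
               for add in section.findall("add") if add.get("name") == name]
    if len(matches) != 1:
        raise LookupError(f"expected one connection string {name!r}, found {len(matches)}")
    # A non-placeholder value in the checked-out file means a real secret was
    # committed; stop so it gets rotated instead of silently overwritten.
    if matches[0].get("connectionString") != placeholder:
        raise ValueError(f"{name!r} in source control is not the placeholder")
    matches[0].set("connectionString", secret)
    return ET.tostring(root, encoding="unicode")


def main(argv):
    # Assumption: the CI server exposes the secret as DB_CONNECTION_STRING.
    path = argv[1]
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    patched = inject_connection_string(
        original, "DBConnectionString", os.environ.get("DB_CONNECTION_STRING", ""))
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(patched)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

ElementTree does not re-emit the XML declaration, so diff the patched file against the original once before relying on this step in a pipeline.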
